首页
登录 | 注册

简单的SSM-Shiro安全框架搭建

首先需要导jar包!

简单的SSM-Shiro安全框架搭建

配置你自己的web.xml

CharacterEncodingFilter org.springframework.web.filter.CharacterEncodingFilter encoding utf-8 forceEncoding true CharacterEncodingFilter /* shiroFilter org.springframework.web.filter.DelegatingFilterProxy targetFilterLifecycle true targetBeanName shiroFilter shiroFilter /* DispatcherServlet org.springframework.web.servlet.DispatcherServlet contextConfigLocation classpath:springmvc.xml 1 DispatcherServlet / org.springframework.web.context.ContextLoaderListener contextConfigLocation classpath:spring.xml

接下来创建一个spring-shiro.xml,我是自己这样写的,你们写的啥自己看看

<?xml version="1.0" encoding="UTF-8"?>

/user/toLogin** = anon

<aop:config proxy-target-class=“true” ></aop:config>

redirect:/user/toNopermission

对了,你们springmvc.xml中还需要添加一段配置,如下:




我自己定义的realm类叫userRealm

package com.youzhong.realm;

import com.youzhong.dao.UserMapper;
import com.youzhong.entity.User;
import com.youzhong.entity.UserExample;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.ArrayList;
import java.util.List;

public class UserRealm extends AuthorizingRealm {

@Autowired
public UserMapper userMapper;


@Override
public String getName() {
    return "UserRealm";
}

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    User user = (User) principalCollection.getPrimaryPrincipal();

     ArrayList<String> permissions = new ArrayList<>();

     if(user.getStatus().equals("admin")){
        permissions.add("*:*");
     }else if(user.getStatus().equals("error")){
         permissions.add("*:select");
     }else if(user.getStatus().equals("ok")){
         permissions.add("*:edit");
     }
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
     info.addStringPermissions(permissions);

    return info;
}

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    String username = (String) authenticationToken.getPrincipal();
    UserExample userExample = new UserExample();
    userExample.createCriteria().andUsernameEqualTo(username);
    List<User> users = userMapper.selectByExample(userExample);
    if(users.size()>0 ){
          return new SimpleAuthenticationInfo(users.get(0),users.get(0).getPassword(),getName());

    }
    return null;
}

}


注意我这只是模拟,并不是企业级项目,只是搭建,这是我的ajax登陆!

package com.youzhong.controller;

import com.youzhong.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpServletRequest;

@Controller
@RequestMapping(“user”)
public class UserController {

@RequestMapping("toLogin")
public String toLogin() {
    return "user/login";
}

@RequestMapping(value = "toLoginVerify")
@ResponseBody
public String login(User user, HttpServletRequest req) {
    UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
    } catch (UnknownAccountException ex) {
        return  "u1";
    } catch (IncorrectCredentialsException ex) {
        return "i1";
    } catch (AuthenticationException e) {
        return "a1";
    }
    return "ok";
}
@RequestMapping("logout")
public String logout(){
    Subject subject = SecurityUtils.getSubject();
    subject.logout();
    return "user/login";
}


@RequestMapping("toNopermission")
public String toNopermission(){
    return "no/nopermission";
}

}

login页面,这是我写的用的easyui

<%–
Created by IntelliJ IDEA.
User: 你好!
Date: 2019/4/9
Time: 16:11
To change this template use File | Settings | File Templates.
–%>
<%@ page contentType=“text/html;charset=UTF-8” language=“java” %>
<%@ include file="/static/taglib.jsp"%>

Title

-1


相关文章

  • 微软发布人工智能教育与学习共建社区
    步入2019,人工智能(Artificial Intelligence)的浪潮依然汹涌,各国对于AI人才的需求进一步加大:2月,美国总统特朗普签署行政命令,正式启动美国人工智能计划:加拿大正通过"全球技能战略签证"吸引国 ...
  • 一份还热乎的蚂蚁金服面经(已拿Offer)!附答案!!
    本文来自我的知识星球的球友投稿,他在最近的校招中拿到了蚂蚁金服的实习生Offer,整体思路和面试题目由作者--泽林提供,部分答案由Hollis整理自知识星球<Hollis和他的朋友们>中「直面Java」板块. 经历了漫长一个月的 ...
  • 云原生的新思考,为什么容器已经无处不在了
    4月24日,中国信息通信研究院主办的首届云原生产业大会在北京举行,在<云原生数字引领未来>的主题演讲中,阿里云容器服务总监易立表示:"云原生不但可以很好的支持互联网应用,也在深刻影响着新的计算架构.新的智能数据应用.以 ...
  • 贾扬清:我对人工智能方向的一点浅见
    阿里妹导读:作为 AI 大神,贾扬清让人印象深刻的可能是他写的AI框架Caffe ,那已经是六年前的事了.经过多年的沉淀,成为"阿里新人"的他,对人工智能又有何看法?最近,贾扬清在阿里内部分享了他的思考与洞察,欢迎共同探 ...
  • CODING 研发管理系统上线全球加速,助力企业跨区域协作
    CODING 研发管理系统现已全面支持全类型代码仓库的 全球加速访问. 随着国内互联网红利的日趋枯竭与全球互联网的加速普及.越来越多的企业开始走出国门,将目光投向全世界,搭建跨国体系.跨出国门的中国企业在选择服务时,首要考虑国内的速度和可靠 ...

2020 jeepshoe.net webmaster#jeepshoe.net
13 q. 0.375 s.
京ICP备10005923号